Accepted Answer
You could add a condition on the permissions on the "CreateVpcEndpoint" endpoint where the ServiceName does not contain "com.amazonaws.vpce", which would block creating endpoints for customer-created endpoint services.
answered 2 years ago
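The restriction suggested in the answer above, sketched as an added example (not part of the original answer): an IAM/SCP statement that denies `ec2:CreateVpcEndpoint` when the `ec2:VpceServiceName` condition key matches the customer-created naming pattern, which is the complement of only allowing names that do not match. The `Sid`, the sample service names and the small local matcher are assumptions made for illustration; the matcher is a simplified model of `StringLike`, not IAM's own evaluation engine.

```python
import json
import re

# Customer-created (PrivateLink) endpoint services are named
# com.amazonaws.vpce.<region>.vpce-svc-<id>; AWS-managed services are
# named com.amazonaws.<region>.<service>.
BLOCKED_PATTERN = "com.amazonaws.vpce.*"

POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyCustomerEndpointServices",  # hypothetical Sid
        "Effect": "Deny",
        "Action": "ec2:CreateVpcEndpoint",
        "Resource": "*",
        "Condition": {"StringLike": {"ec2:VpceServiceName": BLOCKED_PATTERN}},
    }],
}

def iam_string_like(pattern, value):
    """Simplified local model of StringLike: case-sensitive,
    '*' matches any run of characters, '?' matches exactly one."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c)
        for c in pattern
    )
    return re.fullmatch(regex, value) is not None

def is_denied(service_name):
    """True if the Deny statement's condition matches this service name."""
    cond = POLICY["Statement"][0]["Condition"]["StringLike"]
    return iam_string_like(cond["ec2:VpceServiceName"], service_name)

# Constructed sample service names (the vpce-svc id is made up).
SAMPLES = [
    "com.amazonaws.us-east-1.s3",
    "com.amazonaws.us-east-1.sqs",
    "com.amazonaws.vpce.us-east-1.vpce-svc-0123456789abcdef0",
]

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    for name in SAMPLES:
        print(f"{'DENY ' if is_denied(name) else 'allow'}  {name}")
```

Dry-run the pattern against the service names actually in use in your accounts before attaching the statement, since any existing dependency on a partner or shared endpoint service will also match it.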